Ive had a look at the .EBN files in the past. I have not tried to decompile it & honestly I have limited working experience with asm, but I have run it through a hexeditor and come up with the following:
From address 2000 you will notice that the file is infact.. thats right, a RAR archive (note the infamous "Rar!" header data there). I havent quite got the rar extraction down perfectly.. but extracting the data from this point onwards to a .rar file does provide access to \Source\Blues_Dual_Lib_Data\SDRAM_SAMSUNG_DUAL\SDR AM_image.bin. This procedure is far from perfect though, as WinRAR kept reminding me this results in a rar file with a partially corrupted header, I assume since there is additional data appended after the end of the rar archive.
Opening this SDRAM_image.bin in a hexeditor shows a trend between this file and the original .EBN file. Both contain a large section of header data which includes "CUFD", so I am inclined to believe this is header data for executable code for this platform. .EBN then holds a means of extracting the .rar file (which holds more interesting data) into the correct area of the M6.
In this file there are references to DokDoFS and a lot of suprious english text regarding USB connection/disconnection, audio codec errors and so forth. I also noticed a few file paths here and there (e.g. \SYSTEM\SYS_MUSICBG.DAT) which appear to be in 16bit unicode format (ASCII chars with leading 00s). There is also some text saying "Usb type is USB_HOST", which looks hopeful for later releases
Theres even references to assertions & semaphores in what looks like more extensive debugging text. Relatively high level concepts for such a dinky little embedded device.
Other text of interest:
- "no camera" (seems to be some generic blocks of code?)
- "file not seekable" (file IO is obviously available here)
- "D:\8700\Blues_SDK\Source\APP\WMALSL\WMALSL_Lib\ms audiocodec.c" (in ASCII, there are actually quite a few of these references to c files) .. the WMA codec perhaps? I think so!
- "D:\8700\Blues_SDK\Source\DEVICES\JANUS\JanusDRM\k div.c" - intriguing
- "Microsoft Corporation" (making its rounds)
- "FCLK_CPU = %d Mhz", "FCLK_DSP", "HCLK", "PCLK", "MCLK" some interesting text for speed outputs, most notably CPU & digital signal processor
- An extensive XML sample for Microsoft DRM certificates
- "M6.EBN" and "RESOURCE.BIN" (16bit unicode) - a couple of references each
- "\SYSTEM\SETTINGS.DAT" (16bit unicode)
- "FAT32" "FAT16"
- "D:\8700\Blues_SDK\Source\FileSystem\Whimory_v2.1. 2_P02\Core\FTL\FTLInterface.c"
- "Is the volatile memory being used for code execution? -.-;; Internal SRAM is too small to contain all code images! I made a constraint that the code size on iSRAM should be less than 128KB" <-- note the use of japanese emoticons ^_^ hehe
- "S5L8700 uCOSII with DOkdo FS 2007.02.05(3.44)" see line 13C00
So, what have we learnt from this?
- There are references to uCosII (Also see my post here: http://www.meizume.com/showpost.php?...1&postcount=33 )
- Some parts of the code seem rather generic, such as the references to cameras and USB host (which is still not implemented fully in our latest releases).
- The reason why firmware updates take a while is simply because the data needs unpacking from a RAR before writing to non-volatile memory.
- Now what id really be interested to know is whether the SDRAM_image is the entire firmware, or just an OS for the firmware with an API and hooks?
- Comments and debugging text are not removed from compiled code for releases
- It is quite possible that the developers have a software emulator (re: use of assertions, which should ALWAYS be removed from public releases)
- I crave access to this "Blue SDK"
This little rundown was done against "M6 S2.003.2-3" from this forum
.
Linear Mode
